Entries with tag us cyberattacks.

Hackers Hit Unclassified White House Computer Network

An unclassified network within the US White House was hacked, according to various press reports. The Executive Office of the President network was attacked roughly two or three weeks ago, according to the Washington Post, affecting some of the Executive Office computing resources and causing a temporary network outage as cybersecurity teams sought to isolate the illicit activity. It is unclear whether the hackers took any data from the network, which isn’t used for classified communications. Unnamed US officials claim it was a state-sponsored attack. The US National Security Agency, Federal Bureau of Investigation, and Secret Service are investigating. (BBC)(eWeek)(The Washington Post)

Home Depot Investigates Possible Data Breach

US home-improvement retailer Home Depot is investigating “unusual activity” regarding its customer data, following a report by investigative security journalist Brian Krebs that the company may have suffered a payment-card breach that started in April or May and that may affect all 2,200 US stores. He discovered details about the incident from a posting on a black market forum. Home Depot spokeswoman Paula Drake said if the company confirms that a breach has occurred, it will notify customers immediately. Krebs noted that it appears the hackers responsible “may be the same group of Russian and Ukrainian hackers responsible for [earlier] data breaches at Target, Sally Beauty, and P.F. Chang’s, among others.” If the breach indeed began in late April or early May 2014, he added, “and if even a majority of Home Depot stores were compromised, this breach could be many times larger than [the] Target [incident], which had 40 million credit and debit cards stolen over a three-week period.” (BBC)(Krebs on Security)

Hackers Target Large Banks

Several large US banks were attacked by hackers who appear to have used malware and a zero-day vulnerability to infiltrate networks and obtain corporate and customer data. At least five banks—only JPMorgan Chase was identified—were involved in the attacks, in which cybercriminals stole “gigabytes of customer data,” according to the anonymous sources cited by news outlets. However, it is unclear whether they took credit card or other account information. The fact that there have been no reports of money moved from accounts indicates the attack was politically motivated, according to a US government source. The US FBI, Secret Service, and National Security Agency are investigating the breaches. Initial investigations indicate the attacks were routed through computers in Latin America from servers that Russian hackers are known to use. Security vendor Trend Micro reported an uptick in attacks on US and European banks since 24 July 2014 from computers whose IP addresses appear to be in former Soviet bloc countries. JPMorgan Chase spokesperson Brian Marchiony declined comment on the recent incidents, saying only, “Companies of our size unfortunately experience cyberattacks nearly every day. We have multiple layers of defense to counteract threats and constantly monitor fraud levels.” In April, JPMorgan Chase CEO Jamie Dimon said the company was increasing its annual expenditures on security by 25 percent—to $250 million—compared to 2013. (CNN Money)(re/Code)(Bloomberg)

Cyberattack Compromises Data on US Homeland Security Employees

A cyberattack on USIS, formerly known as US Investigations Services, a company that conducts background checks for federal government employees, compromised the personal data of at least 25,000 of those workers, including undercover investigators. For example, the breach exposed personal information of Department of Homeland Security (DHS) employees. The compromised information includes Social Security numbers, education and criminal history, birth dates, and personal information about relatives and friends. Dmitri Alperovitch, chief technology officer with cybersecurity firm CrowdStrike, said hackers “would be collecting this data to identify individuals who might be vulnerable to extortion and recruitment.” USIS disclosed the attack earlier this month—saying it has “all the markings of a state-sponsored attack”—but did not say how many records had been compromised or which agencies were affected. DHS suspended all work with the company and the FBI is investigating the attack. USIS could not be reached for comment. (Reuters)(NBC News)

US Department of Homeland Security to Businesses: Beware Backoff Malware

A new US Department of Homeland Security advisory cautions businesses to prepare for malware known as Backoff, which lets hackers steal customers’ Social Security numbers and other sensitive data. The malware was behind the massive 2013 Target data breach and the recent compromise of cash-register systems at 51 UPS Stores, and may have already infected 1,000 or more other companies and organizations of all sizes. Backoff, first seen in October 2013, was not incorporated into antivirus applications until this month. Security experts have found at least three Backoff variants. So far, seven point-of-sale service providers have found the malware on their systems and notified officials about the issue, according to the Department of Homeland Security. To infect victims with Backoff, cyberattackers first use commonly available tools to find businesses using remote desktop applications. Once located, they use brute force attacks to access company accounts with privileges that let them install the malware on point-of-sale systems. The Department of Homeland Security is advising businesses that think they have been infected with Backoff to contact their local US Secret Service field office and the National Cybersecurity and Communications Integration Center. (Digital Trends)(American Banker)(US-CERT)

US Task Force Reports Retailer-Focused Cyberattacks Not Coordinated

A newly released government report found that the recent cyberattacks against US retailers were not coordinated. According to the report by the National Cyber Investigative Joint Task Force—an alliance of US law enforcement agencies such as the FBI, Secret Service, and Department of Homeland Security—the attacks were not a concerted attempt to harm the US economy. The task force is continuing to track attacks on retailers that use malware that targets payment systems. The report, which didn’t name victims, said retailers could have blocked malware that attacked vulnerable remote network-management software. “It sounds like they’re saying that Target didn’t segment their network properly,” Avivah Litan, a cybersecurity analyst at market-research firm Gartner Inc., told the Wall Street Journal. “It’s very difficult to manage all these remote access accounts. It’s very reasonable that Target thought it was properly protected.” (The Associated Press)(Wall Street Journal)

Target Stores Hackers Gained Access via Contractor

The hackers who stole customer credit- and debit-card numbers from the Target company’s computer network late last year gained access via credentials stolen from a refrigeration and heating, ventilation, and air conditioning company that did contract work for the department-store chain. The US Secret Service is investigating the Pennsylvania-based Fazio Mechanical Services, which had access rights to Target’s system to enable remote temperature and energy use monitoring. Both Fazio and Target officials declined comment. Hackers were able to access Target point-of-sale devices via Fazio because Target didn’t segregate systems handling sensitive payment-card data from the rest of its network. Hackers stole credit- and debit-card data from as many as 110 million customers in November and December 2013. According to one Gartner analyst, Target may ultimately be forced to pay $420 million for the breach, which would cover various associated costs, including consumer credit monitoring and legal fees. (CNET)(Reuters)(Computerworld)(Krebs on Security)

Experts Debate Origins of Malware in Recent Attacks on Retailers

A security firm that originally tied malware used in the Target and Neiman Marcus cyberattacks to a Russian teenager is now backing off those claims. IntelCrawler had said that a St. Petersburg area teen not involved in the actual attacks wrote the KAPTOXA or BlackPOS memory-scraping malware. However, the company said this may not be the case after respected security blogger Brian Krebs wrote that he isn’t convinced the teenager wrote the malicious software. The malware was reportedly created in March 2013, then placed online for others to take, alter, and utilize. It was used in a security breach in the Target department-store chain’s point-of-sale terminals, which yielded sensitive information for perhaps 70 million to 110 million customers. The Neiman Marcus luxury department store chain’s network was also compromised, as were retailers elsewhere in the US, as well as in Australia and Canada. (CNN @ KPHO)(Reuters)(BankInfoSecurity)(Krebs on Security)(Krebs @ Twitter)(Fox News)

Officials: Texas Arrests Unlikely to Aid in Netting Target Hackers

Although Texas police arrested two people at the Mexican border with 100 fake credit cards, some of which had debit- and credit-card numbers stolen in the recent network breach of the Target department-store chain, security experts say they are skeptical this will help authorities find the hackers responsible given what authorities characterize as “the vast, labyrinthine nature of the global market for stolen data.” These arrested suspects may have purchased the information they used on the online black market and have no knowledge of who hacked the Target system, according to law enforcement officials. Despite this, the US Secret Service is investigating whether there is a link between the Target attack and the Texas arrests. Typically, when criminals steal massive amounts of debit- or credit-card data, they sell it piecemeal online, said Chester Wisniewski, senior security adviser for the computer security firm Sophos. In the Target breach, hackers stole roughly 40 million debit and credit card numbers plus the personal information of about 70 million people. (Associated Press)(Reuters)

British Citizen Charged in Numerous US Hacking Incidents

US officials have charged a UK computer hacker with breaching thousands of computer systems, including US military and government networks, and stealing confidential data. They charged Lauri Love, 28, with one count of accessing a federal agency’s computer without permission and one count of conspiracy. US attorneys filed their case in New Jersey, the location of one of the servers that Love allegedly used. Love was arrested on 25 October in the UK. Between October 2012 and October 2013, Love and others allegedly placed back doors in networks they breached, which allowed them to re-enter and take data. They reportedly hacked networks including those run by the US Department of Defense’s Missile Defense Agency, the US Army Corps of Engineers, NASA, and the Environmental Protection Agency and allegedly took budget information and personal data on military and government personnel. Love faces US and UK charges related to other incidents. (Reuters)(Associated Press @ Washington Post)
